Hello,
Am trying to control client access for vRO embedded in vRA 7.1.
vRA is configured to authenticate to AD using integrated windows authentication.
vRO is configured to use vRA's component registry as the authentication provider.
Have tested configuring an AD group as the admin group for vRO, and that works fine. AD users in that group can login successfully via the vRO client as a full administrator.
However, attempting to provide access to a different AD group by assigning permissions within the client gives an invalid username/password error when attempting login with the client. The following error shows up in /var/log/vco/app-server on the vRA appliance:
server.log:2016-11-25 20:33:34.949+0000 [http-nio-127.0.0.1-8280-exec-1] ERROR {} [DefaultVerifier] User LDAP-USER-['MyUser'] - MyDomain\MyUser doesn't have necessary rights 'View', required to execute operation on (VSOServer, _ROOT).
server.log:2016-11-25 20:33:34.950+0000 [http-nio-127.0.0.1-8280-exec-1] INFO {} [UsersController] Unsuccessful login attempt by user 'MyUser'. Access point type 'client'
server.log:ch.dunes.util.DunesServerException: ch.dunes.util.NotAuthorizedException: [0002]User 'MyUser' is not authorized!
MyUser is a member of the group SDDC-UAT-vRO-Developer, which has been assigned 'View' rights below.
The full environment has been completely restarted with no success.
Anyone have this working? Have I set it up correctly?
Thx
matt